Trusted boot is a process for booting and establishing a chain of trust in a computing system. With reference to the environment (100) of FIG. 1, for example, a system administrator takes delivery of a server (a managed system (120)) and proceeds to install system software. The managed system (120) comprises a secure device (125), e.g. a TPM (Trusted Platform Module). Once the system (120) is configured and booting, each component (hardware and/or software) of the managed system (120) cryptographically measures another component and can “extend” (but not directly write to) a measurement value into a Platform Configuration Register (PCR) of the TPM (125). Each component is also operable to access an event log in order to write data associated with the measurement of a component into an entry associated with the event log.
The administrator trusts the configuration and takes these initial measurements as trusted. The assumption is that no one has subverted the system after the install/configuration and before the measurements were recorded.
The measurements can be remotely attested by a managing system (105) which has a database (115) to store expected attestation values for components of each managed system. The values would typically be stored along with some metadata describing what the values mean. The managing system (105) comprises a TPM emulator (110) used, for example, to compare the reported measurements with the stored values. The remote attestation process itself may be initiated by either the managing or managed system.
Changes to the managed system (120) can be detected by subsequent trusted boot and remote attestation processes.
The above processes are described, for example, in section 4 of the Trusted Computing Group (TCG) Specification Architecture Overview; Specification; Revision 1.4; 2 Aug. 2007 and section 2 of the TCG Infrastructure Working Group Architecture Part II—Integrity Management; Specification Version 1.0; Revision 1.0; 17 Nov. 2006.
The trusted boot process and remote attestation process described above work well when the boot process is well defined, for example, in a games console which has a simple non-interactive boot process. In more advanced computing systems, for example, a POWER (POWER is a registered trademark of International Business Machines Corporation) server, the boot process can be complicated by the optional involvement of an interactive component, whereby low-level firmware can be diverted to an interactive component. In many server systems, the interactive component typically comprises an OF (Open Firmware) prompt and in Intel (Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries) systems, the interactive component typically comprises an EFI (Extensible Firmware Interface) prompt. An interactive component is not unique to a physical system—virtual machines may also have interactive components.
For example, a user of the system can have the option, when booting, to enter an interactive component, for example, by pressing a function key. The interactive component is typically presented as a command prompt or a menu and can allow a user to change settings and run code before control is transferred to the next measured boot component. The interactive component has legitimate administrative uses: for example, an administrator can use it to perform tasks such as running pre-defined commands for system configuration and diagnosis, or inputting code which will then be executed. Thus, a generic decision that any use of the interactive component should be deemed untrusted does not work well in practice. However, use of the interactive component is also open to malicious attack: typically, memory can be read and written from the interactive component, and it is even possible to re-write the memory in which the firmware resides.
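As an added illustration (not part of the original description), the following Python model shows the extend-only PCR, the event log and the managing system's comparison against stored expected values described above, and then what the remote attestation of the preceding paragraphs sees when an interactive prompt is entered during boot. The component images, the prompt session contents and the use of a SHA-256 PCR bank are assumptions made for the example.

```python
import hashlib

PCR_INIT = b"\x00" * 32  # PCRs are zeroed at platform reset; assumes a SHA-256 PCR bank

def extend(pcr, measurement):
    # TPM extend: PCR_new = H(PCR_old || measurement). Components can only extend, never write, a PCR.
    return hashlib.sha256(pcr + measurement).digest()

def measure(image):
    # Cryptographic measurement of a component image, taken by the preceding boot component.
    return hashlib.sha256(image).digest()

def trusted_boot(chain):
    # Managed system (120): each component in boot order is measured, the digest is extended into
    # the PCR of the TPM (125), and an entry describing the measurement is written to the event log.
    pcr, event_log = PCR_INIT, []
    for name, image in chain:
        digest = measure(image)
        pcr = extend(pcr, digest)
        event_log.append((name, digest))
    return pcr, event_log

def replay_log(event_log):
    # Managing system (105): recompute the PCR value that the event log entries imply.
    pcr = PCR_INIT
    for _, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def attest(reported_pcr, event_log, expected):
    # Remote attestation: the log must reproduce the quoted PCR, and each logged component
    # must match the expected value stored in the managing system's database (115).
    problems = []
    if replay_log(event_log) != reported_pcr:
        problems.append("event log does not reproduce the quoted PCR")
    for name, digest in event_log:
        if name not in expected:
            problems.append(f"unexpected boot component: {name}")
        elif expected[name] != digest:
            problems.append(f"measurement mismatch: {name}")
    return (not problems, problems)

# Constructed sample images standing in for real firmware, bootloader and kernel binaries.
TRUSTED_CHAIN = [("firmware", b"firmware v1"), ("bootloader", b"bootloader v1"), ("kernel", b"kernel v1")]
EXPECTED = {name: measure(image) for name, image in TRUSTED_CHAIN}

# An OF/EFI prompt entered during boot appears as an extra measured event (constructed session text).
PROMPT_CHAIN = TRUSTED_CHAIN[:1] + [("firmware-prompt", b"constructed prompt session: printenv")] + TRUSTED_CHAIN[1:]
```

Because extend is one-way, removing the prompt entry from the event log after the fact does not help: the remaining entries no longer replay to the PCR the TPM reports.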
Note that securing the trusted boot process is especially important in certain environments, e.g., in a cloud computing environment in which an application, for example, a banking application, (and an associated virtual machine) can be migrated to shared resources within the cloud. A trusted boot process can be applied to the shared resources themselves in addition to being used by the virtual machines.